chore(ci): lockdown workflow_run by origin (#1350)

Author: heitorlessa

Diff for: .github/workflows/label_pr_on_title.yml

@@ -14,6 +14,7 @@ jobs:
     uses: ./.github/workflows/reusable_export_pr_details.yml
     with:
       record_pr_workflow_id: ${{ github.event.workflow_run.id }}
+      workflow_origin: ${{ github.event.repository.full_name }}
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
   label_pr:

Diff for: .github/workflows/on_merged_pr.yml

@@ -12,6 +12,7 @@ jobs:
     uses: ./.github/workflows/reusable_export_pr_details.yml
     with:
       record_pr_workflow_id: ${{ github.event.workflow_run.id }}
+      workflow_origin: ${{ github.event.repository.full_name }}
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
   release_label_on_merge:

Diff for: .github/workflows/on_opened_pr.yml

@@ -12,6 +12,7 @@ jobs:
     uses: ./.github/workflows/reusable_export_pr_details.yml
     with:
       record_pr_workflow_id: ${{ github.event.workflow_run.id }}
+      workflow_origin: ${{ github.event.repository.full_name }}
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
   check_related_issue:

Diff for: .github/workflows/reusable_export_pr_details.yml

@@ -6,6 +6,9 @@ on:
       record_pr_workflow_id:
         required: true
         type: number
+      workflow_origin: # see https://github.com/awslabs/aws-lambda-powertools-python/issues/1349
+        required: true
+        type: string
     secrets:
       token:
         required: true
@@ -32,6 +35,8 @@ on:
 
 jobs:
   export_pr_details:
+    # see https://github.com/awslabs/aws-lambda-powertools-python/issues/1349
+    if: inputs.workflow_origin == 'awslabs/aws-lambda-powertools-python'
     runs-on: ubuntu-latest
     env:
       FILENAME: pr.txt